There is truth in numbers, and the numbers show that more agencies are considering a cloud-first approach. Discussions surrounding cloud services in federal government are no longer focused on whether agencies intend to utilize the cloud, but to what extent.
According to Cisco’s 2018 Security Capabilities Benchmark Study, government agencies are migrating to the cloud to increase security, but the utilization of multiple clouds in government agencies is generating new concerns regarding threats to user information, applications and data.
At a recent GovLoop training in partnership with Cisco, “Cloud and Cyber Combine to Protect Government Data,” Will Ash Sr., Director of Cybersecurity, U.S. Public Sector, Cisco Systems, asserted that cloud access security brokers (CASBs) like Cisco’s Cloudlock can put common government security fears at ease in the era of multi-cloud.
Security Concerns with Multi-Cloud
With the introduction of new cloud services, agencies might be tempted to rely on Federal Risk and Authorization Management Program (FedRAMP) certified systems for full security.
“While it is a phenomenal control system, FedRAMP certification of a service is not enough. Universally, regardless of whether you’re using Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) or Software-as-a-Service (SaaS), the security of users, data and applications is still the responsibility of the customer and not the cloud service provider,” Ash Sr. said.
Each of these security categories creates different critical security concerns for government agencies, especially in the case of SaaS:
Users and Accounts: The inability to track users and accounts creates insider threat concerns within an agency. According to Ash Sr., “There are users that have multiple devices that are accessing different applications. It has completely extended the security perimeter we’re used to and makes it near impossible to find all of the malicious traffic.”
Data: There is already a high level of data sharing within organizations and multi-cloud leads to an increase in cloud-to-cloud network traffic. “The data that is most valuable to an organization has the propensity to be toxic when in the wrong hands,” Ash Sr. said. And increased network traffic often results in an increase of inappropriate and insecure data sharing.
Applications: With hackers exploiting OAuth, a cloud protocol used to grant applications access to information, agencies need to take special security measures to protect third-party connected applications from phishing attempts.
The Cloudlock Solution
Cisco’s Cloudlock, which was recently FedRAMP authorized, is a CASB that helps agencies safely move to the cloud and combat data breaches, while meeting compliance regulations. The automated approach uses APIs to manage risk and address the three aforementioned critical cloud security use cases.
Users and Accounts: Cloudlock utilizes user and entity behavior analytics to detect usage anomalies and prevent account compromise and insider threats.
Data Security: A full Cloud Data Loss Prevention solution enables agencies to identify and respond to data exposures and leakages, as well as compliance violations.
Application Security: An Applications Firewall provides OAuth discovery and control, allowing Cloudlock to protect agencies from over-privileged applications.
Ash Sr. says that with the use of Cloudlock, agencies can experience a cohesive and secure multi-cloud system.
“The clouds are superb at what they are tasked to do, but they have trouble working together. We at Cisco feel confident that Cloudlock can integrate security into the cloud and encourage safe, cloud-to-cloud sharing of insights.”